Forwarded from: security curmudgeon <jerichoat_private>
cc: certat_private

Random comments from the peanut gallery. I'm tired and grumpy, so bear
with me.

> http://www.vnunet.com/News/1130755
>
> By James Middleton [09-04-2002]
>
> Hacking tools are becoming increasingly sophisticated
>
> The Computer Emergency Response Team (Cert) has released a report
> pinpointing the six fastest evolving trends in the black hat world
> of internet security.
>
> The organisation, which has been monitoring hacker activity since
> 1998, found that the most notable trend to evolve over recent years
> is the automation and speed of attack tools.

CERT has been around for over a decade, and they are monitoring 'hacker
activity' for only the last five? Jeez, either that is serious errata or
CERT is full of slackers that overlooked a key part of their function.

> Although widespread scanning over the internet has been common since
> 1997, today's tools are set to maximise impact and speed.
>
> Freely available attack tools now exploit vulnerabilities as part of
> the scanning process and are capable of self-initiating new attacks
> on a well-managed and co-ordinated global scale.

"now"? This has been going on a lot longer than people realize or admit.
ADM did a proof of concept 'worm' that hit 1 or 2 Linux vulns that spread
for a while some 3+ years ago.

> Public communications protocols such as IRC and Instant Messenger
> have now become popular methods for co-ordinating attack tools.

This warning, and the last about "social engineering over irc!!" really do
cry out "we're desperate for attention". Remote root vulnerabilities
flying across Bugtraq left and right, while CERT is resigning itself to
pure shit advisories. Why?

> The increasing permeability of firewalls is also posing a problem,
> as security is being sacrificed to convenience. More technologies
> are being designed to bypass firewalls, such as IPP (the Internet
> Printing Protocol) and WebDAV (Web-based Distributed Authoring and
> Versioning).

Let's see here..

IPP: RFC 2568, by S. Zilles of Adobe Systems Inc.
WebDAV: RFC 2518, by Microsoft, UC Irvine, Netscape, Novell

Adobe, who likes to forego security in favor of litigating.. and then we
have Microsoft and others. And don't forget SOAP!! Anyone else remember
the SOAP "documentation"?

"Currently, developers struggle to make their distributed applications
work across the Internet when firewalls get in the way. Since most
firewalls block all but a few ports, such as the standard HTTP port 80,
all of today's distributed object protocols like DCOM suffer.."

I love it when these companies with big security initiatives are behind
entire protocols designed to bypass firewalls. Funny that CERT doesn't
mention the culprits of these protocols. Oh yeah, they are sissies.
Never mind.

> Analyst firm Computer Economics recently estimated that the total
> economic impact of Code Red was $2.6bn, and that SirCam cost another
> $1.3bn. The 11 September attacks will cost around $15.8bn to restore
> IT and communication infrastructure.

Oh great firm to quote. "Computer Economics", the company that has
absolutely ZERO economists on their staff. Jeez. I bet they are sure
experts on all things related to economics.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the
BODY of the mail.